In the Claims: 



Please amend claims 1, 3, 8, 26, 90, 14, 17-21, 27, 40, 49, 52, 53, 56, 58 and 63-70,
and please cancel claims 16, 51 and 65, as indicated below.

1. (Currently amended) A method comprising: 

determining an authentication type to be used between a first node and a second 
node in a networked computer system; 

plugging in a first authentication protocol handler pluggable module on the first 
node for the determined authentication type, wherein the first 
authentication protocol handler module is configured for use in generating,
for sending to the second node, authentication information for the first
node [[for sending to the second node]];

plugging in a second authentication protocol handler pluggable module on the 
second node for the determined authentication type, wherein the second 
authentication protocol handler module is configured for use in 
determining if the first node is authentic using the first node authentication 
information; 

determining an access control model to be used by the second node in controlling 
access by the first node to resources of the second node [[by the first node]];
and 

plugging in an access control context pluggable module for the determined access 
control model on the second node, wherein the access control context 
module is configured for use in controlling access by the first node to 
resources of the second node [[by the first node]] using the access control
model.

2. (Original) The method as recited in claim 1, further comprising loading the
determined access control model. 

3. (Currently amended) The method as recited in claim 1, wherein the access 
control context module encapsulates information configured for use in controlling access 
by the first node to the resources of the second node [[by the first node]].

4. (Original) The method as recited in claim 1, wherein the first authentication 
protocol handler module includes a handle request method, wherein the second 
authentication protocol handler module includes a handle response method, wherein the 
handle request method and handle response method are configured to exchange 
authentication information during an authentication process for the first node. 

5. (Original) The method as recited in claim 1, further comprising: 

the second node sending a challenge to the first node, wherein the challenge is in 
accordance with the determined authentication type; 

the first authentication protocol handler module generating response data in 
response to the challenge, wherein the response data includes information 
for use in authenticating the first node; 

the first node sending the response data to the second node; and 

the second authentication protocol handler module authenticating the first node 
using the received response data. 

6. (Original) The method as recited in claim 5, wherein said authenticating the 
first node using the received response data comprises: 

the second authentication protocol handler module sending the received response
data to a user repository, wherein the user repository comprises node 
information associated with one or more network nodes; and 

the user repository comparing the response data to the node information to 
authenticate the first node. 

7. (Original) The method as recited in claim 1, further comprising: 

authenticating the first node using the first authentication protocol handler module 
and the second authentication protocol handler module; 

the authenticated first node sending to the second node a request for access to a 
resource of the second node; and 

the access control context module determining if the first node has access 
permission to the resource in response to the request for access to the 
resource of the second node. 

8. (Original) The method as recited in claim 7, further comprising: 

if said determining determines the first node has access permission to the 
resource, allowing the first node to access the resource; and 

if said determining determines the first node does not have access permission to 
the resource, inhibiting the first node from accessing the resource. 

9. (Currently amended) The method as recited in claim 1,

wherein the second authentication protocol handler module is further configured
for use in generating, for sending to the first node, authentication
information for the second node [[for sending to the first node]]; and

wherein the first authentication protocol handler module is further configured for 
use in determining if the second node is authentic using the second node 
authentication information. 

10. (Original) The method as recited in claim 1, wherein the networked 
computer system is a messaging-based system. 

11. (Original) The method as recited in claim 1, wherein the networked 
computer system uses the Java Message Service (JMS) to support messaging between 
nodes in the network. 

12. (Original) The method as recited in claim 1, wherein networked computer
system is a client-server system, wherein the first node is a client in the client-server 
system, and wherein the second node is a server in the client-server system. 

13. (Original) The method as recited in claim 1, wherein the networked 
computer system is a peer-to-peer system, wherein the first node and the second node are 
peers in the peer-to-peer system. 

14. (Currently amended) A method for authenticating nodes in a networked 
computer system, comprising: 

a first node initiating a connection to a second node in the networked computer 
system; 

determining an authentication type to be used by the first node and the second
node; 

initializing a first authentication protocol handler on the first node for the 
determined authentication type; 

initializing a second authentication protocol handler on the second node for the 
determined authentication type; 

the second node sending a challenge to the first node, wherein the challenge is in 
accordance with the determined authentication type; 

the first authentication protocol handler generating response data in response to 
the challenge, wherein the response data includes information for use in 
authenticating the first node; 

the first node sending the response data to the second node; and 

the second authentication protocol handler authenticating the first node using the 
received response data; 

wherein the first authentication protocol handler and the second authentication 
protocol handler are pluggable modules configured to be replaced to 
support different authentication types; 

if the first node is successfully authenticated: 

determining an access control model to be used by the second node for the 
first node; and 

initializing an access control context module for the determined access
control model wherein the access control context module is
configured for use in controlling access to resources of the second
node by the first node using the access control model.

15. (Original) The method as recited in claim 14, wherein said authenticating the 
first node using the received response data comprises: 

the second authentication protocol handler sending the received response data to a 
user repository, wherein the user repository comprises node information 
associated with one or more nodes; and 

the user repository comparing the response data to the node information to 
authenticate the first node. 

16. (Canceled) 

17. (Currently amended) The method as recited in claim [[16]] 14, wherein the
access control context module is a pluggable module configured to be replaced to support 
different access control models. 

18. (Currently amended) The method as recited in claim [[16]] 14, wherein the
access control context module is configured to support different pluggable access control 
models. 

19. (Currently amended) The method as recited in claim [[16]] 14, further
comprising loading the determined access control model.

20. (Currently amended) The method as recited in claim [[16]] 14, wherein the
access control context module encapsulates information configured for use in controlling
access by the first node to the resources of the second node [[by the first node]].

21. (Currently amended) The method as recited in claim [[16]] 14, further
comprising: 

the first node sending to the second node a request for access to a resource of the 
second node; 

the access control context module determining if the first node has access 
permission to the resource; 

if said determining determines the first node has access permission to the 
resource, allowing the first node to access the resource; and 

if said determining determines the first node does not have access permission to 
the resource, inhibiting the first node from accessing the resource. 

22. (Original) The method as recited in claim 14, wherein the networked 
computer system is a messaging-based system. 

23. (Original) The method as recited in claim 14, wherein the networked 
computer system uses the Java Message Service (JMS) to support messaging between 
entities in the network. 

24. (Original) The method as recited in claim 14, wherein networked computer 
system is a client-server system, wherein the first node is a client in the client-server 
system, and wherein the second node is a server in the client-server system. 

25. (Original) The method as recited in claim 14, wherein the networked 
computer system is a peer-to-peer system, wherein the first node and the second node are 
peers in the peer-to-peer system. 

26. (Currently amended) A method comprising:

a second node determining an authentication type to be used by the second node 
to authenticate a first node in a networked computer system; 

the second node plugging in a second authentication protocol handler pluggable 
module for the determined authentication type, wherein the second 
authentication protocol handler module is configured for use in 
determining if the first node is authentic using authentication information 
associated with the first node, wherein the first node authentication 
information is generated by a pluggable first authentication protocol 
handler module on the first node for the determined authentication type; 

the second node determining an access control model to be used by the second 
node for the first node; and 

the second node plugging in an access control context pluggable module for the 
determined access control model, wherein the access control context 
module is configured for use in controlling access to resources of the 
second node by the first node using the access control model. 

27. (Currently amended) The method as recited in claim 26, wherein the access 
control context module encapsulates information configured for use in controlling access 
by the first node to the resources of the second node [[by the first node]].

28. (Original) The method as recited in claim 26, wherein the second 
authentication protocol handler module includes a handle response method, wherein the 
handle response method is configured to exchange authentication information with a 
corresponding a handle request method of the first authentication protocol handler 
module during an authentication process for the first node. 

29. (Original) The method as recited in claim 26, further comprising:

the second node sending a challenge to the first node, wherein the challenge is in 
accordance with the determined authentication type; 

the second authentication protocol handler module receiving response data in 
response to the challenge, wherein the response data includes information 
for use in authenticating the first node, and wherein the response data is 
generated by the first authentication protocol handler module; and 

the second authentication protocol handler module authenticating the first node 
using the received response data. 

30. (Original) The method as recited in claim 29, wherein said authenticating the 
first node using the received response data comprises: 

the second authentication protocol handler module sending the received response 
data to a user repository, wherein the user repository comprises node 
information associated with one or more nodes; and 

the user repository comparing the response data to the node information to 
authenticate the first node. 

31. (Original) The method as recited in claim 26, further comprising:

authenticating the first node;

the access control context module receiving a request for access to a resource of 
the second node from the authenticated first node; and 

the access control context module determining if the first node has access
permission to the resource in response to the request for access to the 
resource of the second node. 

32. (Original) The method as recited in claim 31, further comprising: 

if said determining determines the first node has access permission to the 
resource, the second node allowing the first node to access the resource; 
and 

if said determining determines the first node does not have access permission to 
the resource, the second node inhibiting the first node from accessing the 
resource. 

33. (Original) The method as recited in claim 26, wherein the networked 
computer system is a messaging-based system. 

34. (Original) The method as recited in claim 26, wherein the networked 
computer system uses the Java Message Service (JMS) to support messaging between 
entities in the network. 

35. (Original) The method as recited in claim 26, wherein networked computer 
system is a client-server system, wherein the first node is a client in the client-server 
system, and wherein the second node is a server in the client-server system. 

36. (Original) The method as recited in claim 26, wherein the networked 
computer system is a peer-to-peer system, wherein the first node and the second node are 
peers in the peer-to-peer system. 

37. (Original) A system comprising: 

a first node comprising a first memory, wherein the first memory comprises first
program instructions executable within the first node to initiate a 
connection request to the second node; 

a second node comprising a second memory, wherein the second memory 
comprises second program instructions; 

wherein the second program instructions are executable within the second node 
to: 

determine an authentication type for use in authentication of the first node 
in response to the first program instructions initiating a connection 
request to the second node; 

initialize a second authentication protocol handler module on the second 
node for the determined authentication type; 

determine an access control model to be used by the second node; and 

initialize an access control context module for the determined access 
control model, wherein the access control context module is 
configured for use in controlling access to resources of the second 
node by the first node using the access control model; 

wherein the first program instructions are further executable within the first node 
to initialize a first authentication protocol handler module on the first node 
for the determined authentication type; and 

wherein the first authentication protocol handler module and the second
authentication protocol handler module are pluggable modules configured 
to be replaced to support different authentication types. 

38. (Original) The system as recited in claim 37, wherein the access control 
context module is a pluggable module configured to be replaced to support different 
access control models. 

39. (Original) The system as recited in claim 37, wherein the access control 
context module is configured to support different pluggable access control models. 

40. (Currently amended) The system as recited in claim 37, wherein the access 
control context module encapsulates information configured for use in controlling access 
by the first node to the resources of the second node [[by the first node]].

41. (Original) The system as recited in claim 37, wherein the second program 
instructions are further executable within the second node to: 

send a challenge to the first node, wherein the challenge is in accordance with the 
determined authentication type; 

wherein the first authentication protocol handler module is executable within the 
first node to generate response data in response to the challenge, wherein 
the response data includes information for use in authenticating the first 
node; 

wherein the first program instructions are further configured to send the response 
data generated by the first authentication protocol handler module to the 
second node; and 

wherein the second authentication protocol handler module is executable within
the second node to authenticate the first node using the received response 
data. 

42. (Original) The system as recited in claim 41, wherein the second node 
further comprises a user repository comprising information associated with one or more 
nodes, and wherein, in said authenticating the first node using the received response data, 
the second authentication protocol handler module is further executable within the second 
node to compare the response data received from the first node to the node information in 
the user repository to authenticate the first node. 

43. (Original) The system as recited in claim 37, 

wherein the second authentication protocol handler module is executable within 
the second node to exchange information with the first authentication 
protocol handler module executing within the first node to authenticate the 
first node; 

wherein the first program instructions are further executable within the first node 
to send to the second node a request for access to a resource of the second 
node; and 

wherein the access control context module is executable within the second node to 
determine if the first node has access permission to the resource in 
response to the request for access to the resource of the second node. 

44. (Original) The system as recited in claim 43, wherein the second program 
instructions are further executable within the second node to: 

allow the first node to access the resource if said determining determines the first 
node has access permission to the resource; and 

inhibit the first node from accessing the resource if said determining determines
the first node does not have access permission to the resource. 

45. (Original) The system as recited in claim 37, wherein the system is a 
messaging-based system. 

46. (Original) The system as recited in claim 37, wherein system uses the Java 
Message Service (JMS) to support messaging between the first node and the second node. 

47. (Original) The system as recited in claim 37, wherein the system is a client- 
server system, wherein the second node is a server node, wherein the second program 
instructions are further executable within the second node to implement a server, and 
wherein the first node is a client node, wherein the first program instructions are further 
executable within the first node to implement a client application. 

48. (Original) The system as recited in claim 37, wherein the system is a peer-to- 
peer system, wherein the first node and the second node are peers in the peer-to-peer 
system. 

49. (Currently amended) A system comprising: 

a first node comprising a first memory, wherein the first memory comprises first 
program instructions executable within the client node to implement a 
client application; 

a second node comprising a second memory, wherein the second memory 
comprises second program instructions executable within the second node 
to implement a server; 

wherein the server is executable within the server node to:

receive a connection request from the client application; 

determine an authentication type for use in authentication of the client 
application in response to the connection request; 

plug in a server-side authentication protocol handler pluggable module for 
the determined authentication type; 

wherein the client application is executable within the client node to plug in a 
client-side authentication protocol handler pluggable module for the 
determined authentication type; 

wherein the client-side authentication protocol handler module is executable 
within the client node to: 

receive a challenge from the server, wherein the challenge is in accordance 
with the determined authentication type; 

generate response data in response to the received challenge, wherein the 
response data includes information for use in authenticating the 
client application; 

wherein the server-side authentication protocol handler module is executable 
within the server node to: 

receive the generated response data; and 

authenticate the client application using the received response data; 

wherein, if the client is successfully authenticated, the server is further executable
within the server node to: 

determine an access control model to be used by the server for the client 
application; and 

plug in an access control context pluggable module for the determined 
access control model wherein the access control context module is 
configured for use by the server in controlling access to resources 
of the server by the client application.

50. (Original) The system as recited in claim 49, wherein the server node further 
comprises a user repository comprising client information associated with one or more 
clients, and wherein, in said authenticating the client application using the received 
response data, the server-side authentication protocol handler module is further 
executable within the server node to compare the received response data to the client 
information in the user repository to authenticate the client. 

51. (Canceled) 

52. (Currently amended) The system as recited in claim [[51]] 49, wherein the access
control context module encapsulates information configured for use in controlling access 
to the resources of the server by the client. 

53. (Currently amended) The system as recited in claim [[51]] 49, wherein the access
control context module is executable within the server node to: 

receive a request for access to a resource of the server from the client application; 

determine if the client application has access permission to the resource; 

if said determining determines the client application has access permission to the
resource, permitting the client application to access the resource; and 

if said determining determines the client application does not have access 
permission to the resource, inhibiting the client application from accessing 
the resource. 

54. (Original) The system as recited in claim 49, wherein the system is a 
messaging-based system. 

55. (Original) The system as recited in claim 49, wherein the system uses the 
Java Message Service (JMS) to support messaging between entities in the system. 

56. (Currently amended) A server system comprising:

a memory, wherein the memory comprises program instructions executable within 
the server node to implement a server; 

wherein the server is executable within the server node to: 

receive a connection request from a client application; 

determine an authentication type for use in authentication of the client 
application in response to the connection request; 

plug in a server-side authentication protocol handler pluggable module for 
the determined authentication type; and 

send a challenge to the client application, wherein the challenge is in 
accordance with the determined authentication type; 

wherein the server-side authentication protocol handler module is executable
within the server system to 

receive response data from the client application, wherein the response 
data was generated by a pluggable client-side authentication 
protocol handler module in response to the challenge, wherein the 
response data includes information for use in authenticating the 
client application; and 

authenticate the client application using the received response data. 

57. (Original) The server system as recited in claim 56, wherein the server 
system further comprises a user repository comprising client information associated with 
one or more clients of the server, and wherein, in said authenticating the client 
application using the received response data, the server-side authentication protocol 
handler module is further executable within the server system to compare the received 
response data to the client information in the user repository to authenticate the client. 

58. (Currently amended) The server system as recited in claim 56, wherein, if the 
client is successfully authenticated, the server is further executable within the server 
system to: 

determine an access control model to be used by the server for the client 
application; and 

plug in an access control context pluggable module for the determined access 
control model, wherein the access control context module is configured 
for use by the server in controlling access to resources of the server by the 
client application. 



09/896,090 (5181-91 900/P640 1 )

Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C.



59. (Original) The server system as recited in claim 58, wherein the access 
control context module encapsulates information configured for use in controlling access 
to the resources of the server by the client. 

60. (Original) The server system as recited in claim 58, wherein the access 
control context module is executable within the server node to: 

receive a request for access to a resource of the server from the client application; 

determine if the client application has access permission to the resource; 

if said determining determines the client application has access permission to the 
resource, permitting the client application to access the resource; and 

if said determining determines the client application does not have access 
permission to the resource, inhibiting the client application from accessing 
the resource. 

61. (Original) The server system as recited in claim 56, wherein the server 
system is a messaging-based system. 

62. (Original) The server system as recited in claim 56, wherein the server 
system uses the Java Message Service (JMS) to support messaging between entities in the 
system. 

63. (Currently amended) A [[carrier]] tangible computer accessible medium
comprising program instructions, wherein the program instructions are computer- 
executable to implement: 

a first node initiating a connection to a second node in a networked computer
system; 

determining an authentication type to be used by the first node and the second 
node; 

initializing a first authentication protocol handler on the first node for the 
determined authentication type; 

initializing a second authentication protocol handler on the second node for the 
determined authentication type; 

the second node sending a challenge to the first node, wherein the challenge is in 
accordance with the determined authentication type; 

the first authentication protocol handler generating response data in response to 
the challenge, wherein the response data includes information for use in 
authenticating the first node; 

the first node sending the response data to the second node; and 

the second authentication protocol handler authenticating the first node using the 
received response data; 

wherein the first authentication protocol handler and the second authentication 
protocol handler are pluggable modules configured to be replaced to 
support different authentication types; 

wherein, if the first node is successfully authenticated, the program instructions 
are further computer-executable to implement: 

determining an access control model to be used by the second node for the first
node; and 



initializing an access control context module for the determined access control 
model, wherein the access control context module is configured for use in 
controlling access to resources of the second node by the first node using 
the access control model.

64. (Currently amended) The [[carrier]] computer accessible medium as recited in
claim 63, wherein, in said authenticating the first node using the received response data, 
the program instructions are further computer-executable to implement comparing the 
response data to information comprised in a user repository, wherein the information is 
associated with one or more nodes. 

65. (Canceled) 

66. (Currently amended) The [[carrier]] computer accessible medium as recited in
claim [[65]] 63, wherein the access control context module is a pluggable module configured
to be replaced to support different access control models. 

67. (Currently amended) The [[carrier]] computer accessible medium as recited in
claim [[65]] 63, wherein the access control context module is configured to support different
pluggable access control models. 

68. (Currently amended) The [[carrier]] computer accessible medium as recited in
claim [[65]] 63, wherein the program instructions are further computer-executable to
implement: 

the first node sending to the second node a request for access to a resource of the 
second node; 

the access control context module determining if the first node has access
permission to the resource; 

if said determining determines the first node has access permission to the 
resource, allowing the first node to access the resource; and 

if said determining determines the first node does not have access permission to 
the resource, inhibiting the first node from accessing the resource. 

69. (Currently amended) The [[carrier]] computer accessible medium as recited in
claim 63, wherein networked computer system is a client-server system, wherein the first 
node is a client in the client-server system, and wherein the second node is a server in the 
client-server system. 

70. (Currently amended) The [[carrier]] computer accessible medium as recited in
claim 63, wherein the networked computer system is a peer-to-peer system, wherein the 
first node and the second node are peers in the peer-to-peer system. 
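
An added illustration, not part of the filing or of the applicant's implementation: a Python model of the flow recited in claims 14 and 21, with the handle request and handle response methods of claim 4 and the user repository of claim 15. The "digest" authentication type (HMAC-SHA256 over a random challenge), the "acl" access control model, every class and function name, and the sample node, secret and policy are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets


class UserRepository:
    """Node information held by the second node (claims 6 and 15)."""

    def __init__(self, shared_secrets):
        self._secrets = dict(shared_secrets)

    def secret_for(self, node):
        return self._secrets.get(node)


def _proof(secret, challenge):
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


class DigestRequestHandler:
    """First-node module: generates response data for a challenge."""

    def __init__(self, node, secret):
        self.node, self._secret = node, secret

    def handle_request(self, challenge):
        return {"node": self.node, "proof": _proof(self._secret, challenge)}


class DigestResponseHandler:
    """Second-node module: issues the challenge and authenticates the response."""

    def __init__(self, repository):
        self._repo, self._nonce = repository, None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle_response(self, response):
        nonce, self._nonce = self._nonce, None  # each challenge is single-use
        secret = self._repo.secret_for(response.get("node"))
        if nonce is None or secret is None:
            return None
        claimed = str(response.get("proof", "")).encode()
        ok = hmac.compare_digest(_proof(secret, nonce).encode(), claimed)
        return response["node"] if ok else None


class AclContext:
    """Access control context for the assumed "acl" model: holds one node's grants."""

    def __init__(self, node, policy):
        self._grants = frozenset(policy.get(node, ()))

    def permits(self, resource, operation):
        return (resource, operation) in self._grants


# The registries are what make the modules replaceable per type and per model.
AUTH_TYPES = {"digest": (DigestRequestHandler, DigestResponseHandler)}
ACCESS_MODELS = {"acl": AclContext}


class SecondNode:
    def __init__(self, repository, policy, auth_type="digest", access_model="acl"):
        self._repo, self._policy = repository, policy
        self._auth_type, self._access_model = auth_type, access_model
        self._handler = self._context = None

    def accept(self):
        """Connection request: determine the type, plug in the handler, send a challenge."""
        pair = AUTH_TYPES.get(self._auth_type)
        if pair is None or self._access_model not in ACCESS_MODELS:
            raise ValueError("unsupported authentication type or access model")
        self._handler, self._context = pair[1](self._repo), None
        return self._auth_type, self._handler.challenge()

    def authenticate(self, response):
        """The access control context is created only after authentication succeeds."""
        self._context = None
        node = self._handler.handle_response(response) if self._handler else None
        if node is not None:
            self._context = ACCESS_MODELS[self._access_model](node, self._policy)
        return node is not None

    def request(self, resource, operation):
        """Allow or inhibit; a peer with no context is always refused."""
        return self._context is not None and self._context.permits(resource, operation)


def connect(node, secret, second_node):
    """First node: plug in the handler matching the type the second node determined."""
    auth_type, challenge = second_node.accept()
    handler = AUTH_TYPES[auth_type][0](node, secret)
    return second_node.authenticate(handler.handle_request(challenge))


# Constructed sample data, not taken from the filing.
REPOSITORY = UserRepository({"producer-1": b"constructed-secret"})
POLICY = {"producer-1": {("queue/orders", "send")}}
```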